Skip to content
This repository has been archived by the owner on Jul 3, 2020. It is now read-only.

[RFC] [3.x] Guards with Method Interception #244

Open
aeneasr opened this issue Jun 16, 2014 · 5 comments
Open

[RFC] [3.x] Guards with Method Interception #244

aeneasr opened this issue Jun 16, 2014 · 5 comments

Comments

@aeneasr
Copy link
Contributor

aeneasr commented Jun 16, 2014

Service protection is still a pain. It needs a lot of boilerplate code (DI, isGranted()) and coupling is encouraged by requiring the dev to inject the AuthorizationService. There is something called method interception which translates to a configurable way for protecting services and classes.

Here are some examples how that could work:

Array

'service_guard' => [
    'My\Namespace\MyService' => [
        'myMethod' => [
            'myPermission'
        ]
    ]
];

Annotations

/**
 * @ServiceGuard\RequiresPermission({'foo', 'bar'}, @Authorization\Or)
 * @ServiceGuard\SetContext('param1')
 */
public function doSomething($param1, $param2)
{
    //...
}

/**
 * @ServiceGuard\RequiresPermission({'foo', 'bar'}, @Authorization\Or)
 * @ServiceGuard\SetContextProvider('MyNamespace\Context\Provider')
 */
public function doSomething($param1, $param2)
{
    //...
}

XML

<?xml ...
<zfc-rbac-service-guard xmlns...>
 <service class="MyNamespace\Service\MyService">
  <method name="foo">
   <requires operator="or">
    <permission name="foo">
    <permission name="bar">
   </requires>
   <context />
  </method>
 </service>
</zfc-rbac>

Java is doing this and there are some frameworks out there which provide that functionality, so go ahead and give it a read:

There are already some interceptor implementations for PHP:

What do you think? Your feedback is much appreciated!
@aeneasr
Copy link
Contributor Author

aeneasr commented Jun 16, 2014

Ping @jmleroux, @danizord, @bakura10, @Ocramius ?

@jmleroux
Copy link
Contributor

I don't like annotations ! ;)
I prefer to centralize permissions in one file.
This is just a personnel preference (not talking about the performance overheat to parse annotations).
But i know that many people love annotations, so why not.

@jmleroux
Copy link
Contributor

It coulk make sense for controller guards, or service protections. But for route guards, i definitly prefer a config file.

@aeneasr
Copy link
Contributor Author

aeneasr commented Jun 16, 2014

It's definately a feature for service protections :)

@aeneasr aeneasr changed the title [RFC] [3.0] Annotations [RFC] [3.x] Annotations Jun 22, 2014
@aeneasr aeneasr changed the title [RFC] [3.x] Annotations [RFC] [3.x] Service protection with XML and Annotations Jun 22, 2014
@aeneasr aeneasr changed the title [RFC] [3.x] Service protection with XML and Annotations [RFC] [3.x] ServiceGuards: Method Interception Jun 22, 2014
@aeneasr aeneasr changed the title [RFC] [3.x] ServiceGuards: Method Interception [RFC] [3.x] AOP: Guards with Method Interception Jun 22, 2014
@aeneasr aeneasr changed the title [RFC] [3.x] AOP: Guards with Method Interception [RFC] [3.x] Guards with Method Interception Jun 22, 2014
@aeneasr
Copy link
Contributor Author

aeneasr commented Jun 22, 2014

I have done some research and updated the RFC accordingly

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jmleroux @aeneasr